<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
$uid=$_POST['uid'];
$uploaddir = './'.$uid."/";
$uploadfile = $uploaddir . basename($_FILES['photo']['name']);
$uploadname = basename($_FILES['photo']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile)) {
    //echo "File is valid, and was successfully uploaded.\n";
} else {
    echo $uid.$uploadname."Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";

$conn=mysql_connect("localhost:3306", "root", "root") or die("ERROR: Cannot open database");
$db = "footprintdb";
mysql_select_db($db) or die("ERROR: Cannot open database");
$sql="UPDATE usrtable SET PhotoName = '".$uploadfile."' WHERE UsrID = '".$uid."'";
mysql_query ( $sql ) or die ( "Error in query execution. ");

?>